Answer & Explanation:Hello friend,this is it will be different topic or subject .let me know if you have question regarding this work !!- All work should be your own – you’re free to use the text, your notes, or other research sources other than your classmates
or other people. All sources must be cited. That means you should have a citation in every answer … But if the source is the
textbook, class discussion, or your own work experience, feel free to cite them that way, e.g. “(textbook)”, “(class
discussion)”, or “(work experience)”. No need to go find a specific article or page number from the text.
– Grammar, punctuation, and spelling count for 20% of the total point value.! Answers should be in prose/paragraph form, not outlines. Exceptions: if a bullet list or table is a clear and
convincing way to present part of an answer, that will be acceptable.
– Pick five (5) of the following question boxes to address. Include the original question with your answer, so it’s clear which
one you’re answering☺. Each question identifies a range of lengths for the answer. Be sure that your answer addresses the
specific context of the question.
You are a manager of an e-commerce site in the financial services industry. Users have to log into their account on
your site to access your services. The holiday season is approaching and you are looking for ways to ensure the
availability of your site. A vendor proposes a solution whereby they monitor your site as follows:a- You provide them with credentials (user name and password).b- Every ten minutes they run an automated script to log into your site with these credentials to make sure that the site is up and running and services are available.
Assuming the solution is within your budget, how might you respond and why?
Sign up and grant them the credentials with unlimited access so everything is monitored
Sign up but limit the access of the credentials to only login to a designated page
Don’t sign up due to security concerns
Don’t sign up due to too much traffic congestion from the monitoring.
You might choose to pick a couple of these potential approaches and lay out pros and cons for them (bullet
points or table structures are OK; aim for the rough equivalent of a couple of paragraphs of content and
You are responsible for managing elections in the United States. What concerns do you have about the perception of
the election process, in terms of its information security? Describe the risks to each part of the CIA triangle
The Internet of Things (IoT) is a big topic of discussion among InfoSec professionals, with new risks created by
connecting previously “dumb” devices to the Internet, not only for home use, but also for online security cameras,
industrial sensors and controls, and other such things. Pick two examples of newly Internet-connected devices, and
describe the potential risks that are created because of the Internet connection. Your answer can be in terms of
personal risks (for consumer products) or business risks (because of workplace connections or other reasons). Feel
free to use additional research resources. (2-3 paragraphs)
In addition to information security, there are several different types of security systems in any substantial
organization, including things like physical security, personnel security, etc. Name at least two additional areas of security focus, and describe why they are important and how they might relate to information security in a banking organization. (2-3 paragraphs)5. Consider a company like Facebook, which serves millions (billions?) of customers, and claims to require that each account be associated with exactly one person, and that the person must correctly identify themselves. Describe at
least two approaches that might be used to uniquely and positively identify individuals before they sign up for an
account (so that I can’t claim to be someone else, for example), and the data access required to make that happen.
These could be online or human-assisted validation approaches. Comment briefly on the tradeoffs between your two
approaches. (2-3 paragraphs)6. Cloud computing, while not new, is gaining in visibility and popularity, both among consumers and businesses.
How does using a cloud computing service affect an organization’s risk management? Name at least three aspects of
cloud operations that make things easier for the InfoSec team, and three aspects that make things harder for the
InfoSec team to be confident about their security management. Explain why.7.Consider the legal and regulatory impacts on information security. There were stories that indicated that the US
National Security Agency had requested encryption keys from U.S. companies are, so that they could at any time
decrypt communications or other data held by those companies, and that Yahoo! had routinely scanned millions of
e-mails on behalf of US intelligence agencies. Assuming those stories are true, what two or three approaches might
individuals take to protect their data from this type of access? Comment on the tradeoffs between the approaches
you identify. Based on Apple and Google’s claims that they have made themselves unable to respond to law
enforcement requests, how does this affect your position? (2-3 paragraphs)8. Bring your own device, or BYOD, is a hot topic in the security industry. What are at least three areas of the
information security practice that are affected by people bringing their own electronic devices into the workplace,
and using them for work purposes? Identify the three areas, and comment briefly on how each is affected by BYOD.
(2-3 paragraphs)9.The text describes a system development life cycle, where security is factored into a number of stages of that life
cycle. Why would it be important for a small retailer to use at least a simple form of a standard life cycle model, as
opposed to approaching decisions and development in a less-structured fashion? Why does a life cycle model
become more important as organizations grow in size and complexity? (1-2 paragraphs)10 . Think about home security – how we protect the physical and other assets in our homes. What are at least four layers
of “defense in depth” in physical home security, and how do these compare and relate to their counterpart principles
in information security? (2-3 paragraphs)11. Consider the recent flurry of data leaks and breaches from large, formerly reputable companies (most recently,
Yahoo!), which indicate that perhaps organizations continue to be more vulnerable than previously known. What
(perhaps additional) risk control strategies might organizations utilize to mitigate the risk and damage of these
events? How could disclosure, both of the breach itself, as well as details of how the breach happened, help to
improve security for the Internet as a whole? (2-3 paragraphs)